Vigor 3900 Router Firewall

Overview

High Performance Multi-WAN VPN Appliance

The Vigor 3900 is a high-performance quad-Gigabit WAN router for high-performance applications including remote access, firewalling, load-balancing and failover. Its WAN throughput runs at up to 1Gb/s, adequate for the most demanding SME applications. The WAN ports on the Vigor 3900 can provide load balancing or WAN failover. Based on a new DrayTek OS platform, the Vigor 3900 combines high performance and capacity with DrayTek's traditional ease of use and comprehensive features set.

For multi-tenant or departmental flexibility, the Vigor3900 will support multiple LAN IP subnets, together with VLAN capabilities and user management, providing access to WAN resources only to the appropriate users or departments, as well as maintaining infrastructure effciency.

Fibre is of particular use for longer distance deliveries, beyond the range of standard Ethernet, or where copper connections cannot be used. WAN Load-balancing weight or traffic-type rules can be set or on an automatic basis to spread WAN traffic evenly across all interfaces on a best-endeavour basis.

If you need more WAN connections, the Vigor 3900 supports VLAN tags on its WAN ports, allowing up to 50 WAN ports with optional Switch

VPN

As a VPN endpoint/concentrator, the Vigor 3900 will support up to 500 simultaneous teleworker or LAN-to-LAN VPNs, with a VPN throughput of up to 700Mb/s with IPsec VPN tunnels, thanks to its hardware-based VPN co-processor.

VPN security includes certificate, MOTP or token/PSK based access and key-hash authentication to ensure maximum security.

SSL VPN

DrayTek's SSL VPN uses standard TLS encryption (the same protocol used for HTTPS web sites) and therefore can pass unimpeded through most networks and public Internet access/WiFi.

An SSL VPN tunnel can be created from any client device - Windows, MacOS, iOS (iPhone/iPad) and Android phones and tablets. The freely available DrayTek Smart VPN Client app

makes it easy on any of those platforms. Once connected, you can access the remote resources and, commonly, create remote desktop sessions to the remote device.

High Availability

For even greater resilience, the Vigor 3900 provides High Availability (HA).

The CARP protocol (equivalent to VRRP or HSRP) lets you set up a master and secondary Vigor 3900 whereby in the event of the master unit failing, the secondary unit can seamlessly and automatically switch over. This can remove the possibility of a single point of failure within your routers. Additionally, multiple active Vigor 3900's can provide reciprocal routing backup to other active Vigor 3900s.

VPN Features

VPN - Linking remote offices, HQ, teleworkers and mobile staff

A feature central to DrayTek routers is its VPN (Virtual Private Networking) capabilities. A VPN enables you to link remote offices and branch offices back to HQ, or home-based/mobile teleworkers back to your office. Once connected, they have access to your office/remote resources through a secure encrypted tunnel allowing remote desktop, file sharing and seamless access to other resources and devices.

The Vigor 3900 allows you to have up to 500 simultaneous VPN tunnels to remote offices or teleworkers. It supports all common industry standard protocols, encryption types and authentication methods (see specification tab for full support list). Teleworkers can authenticate directly with your LDAP server if preferred.

The Vigor 3900 supports VPN trunking; this allows you to create tunnels down muliple WAN connections to a remote site in order to increase bandwidth. VPN trunking also provides failover (backup) of your VPN route down a secondary WAN connection. You can learn more about DrayTek VPN here. Teleworkers can also use 2FA (Two factor authentication) such as MOTP.

The Vigor 3900 supports up to 100 DrayTek SSL VPN tunnel connections. These are encrypted tunnels linking your teleworkers or remote DrayTek Vigor routers back to your main office using SSL/TLS technology - the same encryption that you use for secure web sites such as your bank.

Site to site VPN tunnels can connect branch offices to a main office, with DrayTek SSL VPN encryption securing the connection between the two offices, a TLS encrypted HTTPS tunnel which can be more secure than PPTP, and easier to configure than an IPsec VPN tunnel.

DrayTek SSL VPN is simple to configure, providing a more secure alternative to the now obsolete Point to Point Tunneling Protocol (PPTP VPN); which has known weaknesses and is now considered to be insecure. Setup is similar to a PPTP VPN tunnel in that it authenticates with an SSL VPN Username and Password.

VPN Trunking

VPN Trunking

VPN Trunking is the facility to create more than one VPN tunnel, over a second Wan CONNECTION, to the same remote location in order to provide either increased bandwidth between the two sites (load balancing) or resilience (failover) in the event that one tunnel/connection is interrupted. The Vigor 3900 supports both Failover and Load Balancing modes for VPN Trunks.

The Vigor 3900 already supports load balancing to the Internet using its quad-WAN ports. What VPN trunking does is enables a single virtual tunnel to be created across both WAN connections to the same remote location creating a single virtual tunnel, recombining the tunnel at the other end. As far as the traffic and LAN devices/clients are concerned, there is just a single tunnel, with increased bandwidth.

In the diagram above, you can see a single virtual tunnel as far as the LAN at each end is concerned. Within the router, two WAN connections are being used with each router, across which the VPN tunnel can be spread, increasing total capacity and/or redundancy (for failover).